New SMB2/3 features and SMB_VFS_* and connection_struct...
Stefan (metze) Metzmacher
metze at samba.org
Tue May 29 07:56:47 MDT 2012
Am 29.05.2012 15:21, schrieb simo:
> On Tue, 2012-05-29 at 14:23 +0200, Stefan (metze) Metzmacher wrote:
>> Hi Simo,
>>
>>>> We should also impersonate more correctly, so that all operations
>>>> on a file handle run as the same user, including TCP disconnects.
>>>> To do this sanely we need to have an tevent_context wrapper,
>>>> which impersonates before calling any event handler.
>>>> See
>>>> https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-impersonate
>>>>
>>>> Comments, please:-)
>>>
>>> I see how you become the desired user, but there is no way to go 'back'.
>>> This seem to imply you cannot mix tevent_impersonate with any other
>>> tevent call, as the process will change user and will not change it back
>>> once done.
>>> Where is the trick/technical detail I am missing ?
>>
>> Currently 'smbd' also changes the user only if needed.
>> It doesn't change back to root in every event loop.
>> There're explicit 'change_to_root()' calls if really needed.
>>
>> That's why we'd have 3 types of tevent_context pointers:
>> 1. the raw tevent_context that doesn't do any impersonation
>> 2. a tevent_context that runs the handlers as root
>> tevent_change_to_root()
>> 3. a tevent_context that runs as the correct user
>> tevent_change_to_user(),
>> Note: that this also needs to call set_current_service()
>>
>> And I think the SMB_VFS modules should only have access to 3.
>
> Hmm if you are using a different tevent context, doesn't it mean we will
> not be fully asynchronous ?
>
> If we are looping in the 'impersonation' context and a file descriptor
> becomes ready for reading in the raw context, then we will not server
> the one in the raw context until we return back from the loop handling
> the impersonation context ?
>
> The same is true in reverse also ?
>
> Isn't there a risk of starvation here ?
> What about interactions between code that run in 2 different context ?
We have 3 tevent_context structures, but two are just wrappers,
which inject a handler function in order to impersonate before
calling the real handler.
tevent_loop_once/_wait will call smb_panic() if called via the wrappers.
Did you get what I mean?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120529/653092f0/attachment.pgp>
More information about the samba-technical
mailing list